Security & Testing Claudeスキル

Data Integrity & Tampering Analysis

Identifies security vulnerabilities related to unauthorized data modification and injection attacks using the STRIDE threat model.

API Security Audit

Analyzes REST and RPC APIs for security vulnerabilities aligned with the OWASP API Security Top 10.

Root Cause Tracing

Systematically traces bugs backward through the call stack to identify and fix the original trigger rather than the symptom.

Web Application Testing

Automates browser testing and UI verification for local web applications using Playwright and managed server lifecycles.

Systematic Debugging

Implements a rigorous four-phase framework to identify root causes and ensure permanent fixes before modifying code.

Shell Script Quality

Lints and tests bash scripts using ShellCheck and BATS to ensure production-grade shell code and reliable automation.

Doc Detective Project Bootstrap

Automatically initializes and configures Doc Detective to validate procedural documentation through intelligent test generation and iterative fixing.

Authentication Patterns

Implements secure authentication and authorization systems using JWT, OAuth2, and advanced access control models.

Jest Coverage Pro

Configures and analyzes Jest code coverage to ensure comprehensive testing and high-quality software development.

Better Auth Best Practices

Simplifies the integration of Better Auth into TypeScript applications with optimized configurations and security-first implementation patterns.

Access Control Security Auditor

Analyzes source code to identify and remediate broken access control vulnerabilities including IDOR, CORS leaks, and privilege escalation.

HardStop Safety Shield

Protects your system by validating AI-generated shell commands and blocking dangerous operations before execution.

Jest Mocking Patterns

Provides expert guidance and code patterns for implementing comprehensive mocking strategies in Jest-based testing environments.

HardStop Command Safety

Protects your system from dangerous AI-generated shell commands and hallucinations through real-time safety validation.

Hardstop Safety Protocol

Protects your system by intercepting and validating AI-generated shell commands before execution to prevent data loss and security breaches.

Hardstop Safety Guard

Protects systems by validating AI-generated shell commands and file operations against a comprehensive safety protocol before execution.

VCP Security & Compliance Audit

Performs comprehensive security and compliance audits against VCP standards to ensure AI-generated code is secure and production-ready.

VCP Security & Compliance Audit

Performs comprehensive codebase audits against security, architecture, and regulatory standards using a multi-agent validation pipeline.

VS Code TDD Expert

Guides the implementation of Test-Driven Development for VS Code extensions using the t-wada methodology to ensure robust command, WebView, and terminal logic.

Doc Detective Testing

Verifies documentation procedures by converting them into executable Doc Detective test specifications and validating them automatically.

Security Audit Scanner

Automates comprehensive security audits, vulnerability scanning, and secret detection for complex multi-service architectures.

Smart Test Fixer

Systematically identifies, groups, and resolves failing tests to restore codebase stability and achieve a green test suite.

Secrets Management for CI/CD

Implements secure handling, storage, and rotation of sensitive credentials across major CI/CD platforms and cloud providers.

Solidity Smart Contract Security

Implements secure smart contract development patterns and identifies critical vulnerabilities in Solidity code to ensure robust blockchain applications.

SAST Configuration & Security Scanning

Configures and automates Static Application Security Testing (SAST) tools for comprehensive vulnerability detection in application code.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, fixtures, mocking, and test-driven development best practices.

Web3 Smart Contract Testing

Implements comprehensive smart contract testing suites using Hardhat and Foundry to ensure blockchain security and gas efficiency.

Root Cause Tracing

Systematically traces bugs through call stacks to identify and fix the original source of errors rather than just their symptoms.

Auth Manager

Secures and organizes API keys and authentication credentials for external services within the Claude Code environment.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests first.